Identity theft: prevention, detection, and legal remedies

Identity Theft

In America and the rest of the world that uses internet regularly the emerging issue or the problem is that of identity theft. It is considered to be the fastest growing crime in America as millions of victims have been reported over a period of last couple of years. Identity theft is a crime when someone uses the personal information such as name, Social Security number, credit card number or other identifying information, without the permission of the concerned person to commit fraud or other crimes typically for economic gain. Identity theft can happen to anyone when an opportunity arises and thieves are not very particular to one's age.

Unlike our fingerprints, which are unique to each one of us and cannot be given to someone else for their use, our personal data - especially our Social Security number, our bank account or credit card number, our telephone calling card number, driver's license, PIN numbers, debit card numbers and other valuable identifying data - can be abused. If they fall into the wrong hands such as those criminal who steal identities the consequences could be very severe and damaging. In the United States and Canada, criminals have abused identities using Internet and computers. The Internet has become a breeding ground for criminals to obtain identifying data, such as passwords or even banking information. Many people respond to "Spam" - or unsolicited E-mail - that promises them some benefit but requests identifying data, without realizing that in many cases, the requester has no intention of keeping his promise. This is how criminals obtain large amount of personal data.

Identities have been used for false applications for loans and credit cards, fraudulent withdrawals from bank accounts, fraudulent use of telephone calling cards, or obtaining other goods or privileges while some criminals have taken over identities altogether, running up vast debts and committing crimes while using the victim's names and the irony is that most victims don't even know how the perpetrators got their identity numbers and also the victim often has to prove his or her innocence.. As a result consumer fraud has threatened both the consumers and the economy, as it has become a big business now. For example, Federal Trade Commission (FTC) receives more questions and concerns about credit and credit fraud than any other topic.

Methods of Identity Theft

There are many methods being used for identity theft but when it comes to Internet then Phishing, Pharming and Spyware are commonly used. "The Internet Crime Complaint Center (IC3), a clearinghouse for law enforcement agencies dealing with cyber crime, received 103,959 complaints of genuine Internet fraud in 2004, according to its 'Internet Fraud Report.' Of those complaints, 71.2% involved online auction fraud, while credit or debit card fraud accounted for only 5.4%. Of the actual fraudulent transactions, 63% were performed via e-mail, while 23% were done via Web sites, real or false" (Bosworth, 2005).

Spyware

Spyware is a special kind of software that helps in collecting information about a person or organization without their knowledge usually by taking control over a computer connected to the Internet. Spyware gets installed on computers as part of free software, such as games and screen savers, and offered on the Internet. Email attachments, web links, and music or video downloads have also become a big source of spyware. Sometimes it also happens that a person is not even downloading any software or opening any email attachments but still some of the spywares are so strong that they can also exploit web browser vulnerabilities in "drive-by" downloads. These softwares try to make people believe about the legitimacy of certain downloads like web browser updates. Some common spywares used by cyber thieves include:

Keyloggers: Keyloggers as the name suggest use information put in by pressing key for passwords, account numbers, and usernames etc. Every keystroke a computer user makes is recorded and the information collected is used to commit crimes because of stolen identities. Mostly web sites are used for spreading keylogger programs.

Redirectors: This is the method in which users are redirected to a fake website where the user is asked to punch in the key information like password, username, and account information. Mostly these are counterfeit websites that imitate the genuine website.

Remote Access: it is one of the sophisticated methods in which criminals take control of a computer from a remote access point and use it not only for identity theft but also for illegal activities, such as sending spam or phishing emails or spreading keylogger programs.

As an immediate effect of these softwares computer of the users becomes slow and some systems even lead to a situation where they crash. Once these softwares make a place in a computer they reduce the consumer's ability to control his or her own computer by making changes to the computer's settings, including security settings. Apart from personal computers these spywares also affect computerized databases maintained by businesses, universities, and government agencies. The softwares were initially meant to monitor the computer use of employees and parents monitoring their children's online activities but presently they are increasingly used for identity theft. Even if these softwares are not used in identity theft still they cause a lot of trouble both mental and monetary in redressing the issues related to their computer's performance.

Phishing

Phishing is the act of faking as a legitimate business requiring information from the users through email for instance from a government representative or famous charity organization asking for donations etc. Or a fake web site like legitimate auction or merchant site etc. Bulk emailing is the most commonly method used for phishing. Phishing, however, is different from the spam email selling certain products or services in the sense that it persuades the user to voluntarily submit information. The emails are sent to million of users faking to be the representative of a particular company. Some of these receivers would turn out to be the actual customers of that particular company and thus they submit information. Apart from the personal users phishing has also affected government organizations like Internal Revenue Service. Some emails have been generated using the Internal Revenue Service ids asking users to submit key information like social security and credit card numbers. Phishers use such well-known and public organizations because people normally interact with them regularly through emails or web sites.

Some times phishers use the combination of emails and fake website to lure users into submitting their key information. Generally they send emails to users mentioning some serious issue which requires them to instantly log on to the official web site but these emails have links that appear to be original but take them to a fake web site on which users end up surrendering their important information.

Phishers after taking hold of information of users use them for their own benefits but some of them also sell such key information to other criminal organizations or individuals. Stolen information is easily available for sale even on internet. The whole market operates for the sale of data as well as sale and purchase of malicious software. Spyware and other software makers contact phishers. Buyers, sellers, intermediaries and other service personnel interact in this identity theft industry to plunder millions of internet users and even those who are not the regular users

Phishing is bait in which innocent and mostly new users get caught. With the passage of time the methods have advanced and emails and web sites have become more sophisticated and believable. Some sophisticated groups of phishing have used more advanced form of phishing called spear phishing in which they target specific users. "This hybrid form of phishing casts lures for specific victims instead of casting a net across cyberspace to catch hordes of unknown prey. Security specialists say that spear phishing is much harder to detect than phishing. Messages appear to be legitimately sent from well-known organizations with a twist, the e-mails are targeted at people known to have an established relationship with the imitated sender" (Brody, Mulig & Kimball, 2007).

Pharming

Pahrming can be considered an advanced form of phishing. Spyware, keyloggers, domain spoofing, domain hijacking, or domain cache poisoning are commonly used for Pharming but hijacking a web site and redirecting visitors to a fake site is the most commonly used method as discussed under spyware. Previously pharmers used emails to infect a users computer as when the user opened the email it directed to a particular web site that installed spyware on a user's PC. However, the technology for pharmers has advanced and they are not dependent on emails anymore. Viruses can attack using messengers or using key loggers

Pharmers also act in a very organized manner on the Internet. They now use variety of sophisticated method to redirect the traffic to their web sites. Changing web addresses, domain names, and slamming procedures these criminals have abused the information of many users on the Internet. As indicated earlier these pharmers have also not spared multinational, government or non-government organizations. Pharmers now not only small local servers operated by Internet service providers (ISP) but they also target the 13 servers on which all other DNS servers depend.

Implications

Businesses & Large Organizations: Among large scale businesses that get affected includes the financial sector other than individuals. Electronic banking services have been greatly affected by these criminals who are euphemistically called hackers or crackers who conduct phishing or pharming. They not only steal the information and enter into the security system of banks but when they are caught they also retaliate. They retaliate using computer viruses, "worms" and "logic bombs" that can destroy hard drives. While robbers of banks using guns and other such weapons can also steal big amounts but they could end up in prison and the amount looted could be recovered. In case of these hackers, the sleuths have new technological tactics to deal with. These criminals use technology to support their criminal intentions. "Jeffry Scheel, president and CEO with Vocent, Mountain View, Calif., points out that the rising tide of password theft with tools like phishing, pharming, and spyware has more than a few banks on the hunt for solutions with broad reach" (Bielski, 2005).

All the big companies own up to the fact that some hackers and crackers have accessed their computerized information through phishing & pharming. A number of these organizations, banks and financial institutions had to suffer losses due to computer frauds. In 1994, the hackers' activities made headlines when these computer savvy and technology driven criminal broke into "firewalls," or security systems of Citibank. Citibank had to revamp its security system to prevent any future problems but the technical expertise of these criminals cannot be checked. They might update their skills and get back with more vengeance and greater technological prowess.

Computer frauds and hacking activities have become a constant war with these intelligent criminals. There have been instances in which they have been able to capture the complete systems of Internet service providers and even threatened them to destroy their system and to distribute all the credit card information. In certain cases there have been employees who sabotaged the whole system. Internal employees having access to critical files have also caused trouble in certain cases. Dealing with an outsider as well an insider is a hard to juggle task. All the major banks and financial institution are deeply worried about electronic money, open-access World Wide Web sites, investment dealings world wide and the threat of those breaking into secure systems.

Individuals: People whose identities have been stolen can spend months or years cleaning the mess. Their hard-earned money is lost for no reason at all. Cleaning up the mess that the thieves have made by using good name and credit record is a Herculean task. In the meantime, victims may lose job opportunities, be refused loans, education, housing or cars, or even get arrested for crimes they didn't commit. A victim's losses may include not only out-of-pocket financial losses, but also substantial additional financial costs associated with trying to restore his reputation in the community and correcting erroneous information for which the criminal is responsible.

Correcting incorrect information about the financial or personal status, and trying to restore the good names and reputations are daunting tasks for the victims of identity theft and fraud. The damages done by the criminals take far longer to undo than it took the criminal to commit the crimes. Victims can suffer a lot once their identity has been stolen and abused. The hard-earned money of the person is lost for no reason at all. Apart from the financial aspect, peace of mind is also stolen along with the identity, as the victims have to go through a lot of trauma as a result of the crime. The proportion with which the crime has grown has also caused a dent on the economy. Some credit companies now keep a certain provision for the losses related to identity theft. Hence there are greater implications of the crime and the gravity of the situation is needed to be understood.